path traversal vulnerabilities and exploits

(subscribe to this query)

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote malicious users to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot ba...

Elastic Path Elastic Path 4.1 Elastic Path Elastic Path 4.1.1

2 EDB exploits

resolve-path node module prior to 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.

Resolve-path Project Resolve-path

path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. before 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0.

Cabraviva Path-sanitizer

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated malicious user to gain access to arbitrary files on the device's file system.

An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...

Open-emr Openemr

3 Github repositories

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperRepo...

Tibco Jasperreports Library Tibco Jasperreports Library 6.3.4 Tibco Jasperreports Library 6.4.1 Tibco Jasperreports Library 6.4.2 Tibco Jasperreports Library 6.4.21 Tibco Jasperreports Library 7.1.0 Tibco Jasperreports Library 7.2.0 Tibco Jasperreports Server Tibco Jasperreports Server 6.3.4 Tibco Jasperreports Server 6.4.0 Tibco Jasperreports Server 6.4.1 Tibco Jasperreports Server 6.4.2

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated malicious users to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch ...

Grandnode Grandnode 4.40

1 EDB exploit1 Github repository

Evernote 7.9 on macOS allows malicious users to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

Evernote Evernote 7.9

1 EDB exploit

Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an malicious user to upload a file to any folde...

Sni Thruk Thruk Thruk

1 Github repository

LimeSurvey prior to 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

Limesurvey Limesurvey Limesurvey Limesurvey 4.1.12

1 Metasploit module

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook